Hi, we would install a PROFTPD Server in a DMZ behind our Firewall. We have installed a WEB-Server in the DMZ and a Mail-Server in the internal Network. Both of them works very well. If we access the FTP-Server via WEB we see the login message and the ftp-prompt. A pwd and cd runs perfect. If we do a "dir" or "ls" we see the line "220 Port Command successfull" and nothing goes on. The same comes from internal net. Which port have to be opened, that we can access the ftp-Server? config File FW_DEV_EXT="eth1" FW_DEV_INT="eth0" FW_DEV_DMZ="eth2" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="192.168.1.0/24" FW_PROTECT_FROM_INTERNAL="no" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="" FW_SERVICES_EXT_UDP="" FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="" FW_SERVICES_INT_UDP="" FW_SERVICES_INT_IP="" # How is access allowed to high (unpriviliged [above 1023]) ports? FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" # Are you running some of the services below? FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="no" FW_FORWARD="0/0,217.69.228.240/27,tcp,80 0/0,217.69.228.240/27,tcp,4430/0,217.69.228.240/27,tcp,7070 \ 217.69.228.241,192.168.1.105,tcp,1500 0/0,217.69.228.240/27,tcp,21 0/0,217.69.228.240/27,tcp,22" # Mail-Server FW_FORWARD_MASQ="0/0,192.168.1.109,tcp,25" FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="yes" FW_ALLOW_PING_EXT="yes" FW_ALLOW_FW_TRACEROUTE="yes" FW_ALLOW_FW_SOURCEQUENCH="yes" FW_ALLOW_FW_BROADCAST="no" FW_IGNORE_FW_BROADCAST="yes" FW_ALLOW_CLASS_ROUTING="no" #FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" Thanks Joachim Winter